Microsoft Discloses Linux Kernel Flaws in TEQL and USB CAN Drivers
Microsoft published security advisories for two Linux kernel vulnerabilities tracked as CVE-2026-23277 and CVE-2026-23334. The first issue affects the networking stack, where net/sched: teql received a fix for a NULL pointer dereference in iptunnel_xmit during TEQL slave transmission, indicating a kernel-level flaw that could lead to instability or denial-of-service conditions.
A second advisory, CVE-2026-23334, affects the CAN USB driver path, with a fix in can: usb: f81604 to properly handle short interrupt URB messages. Together, the disclosures highlight separate low-level Linux kernel defects in networking and device-driver components that require patching through vendor security updates.
Timeline
Mar 26, 2026
Microsoft publishes advisory for CVE-2026-23334
Microsoft's Security Update Guide published an advisory for CVE-2026-23334, covering a fix for improper handling of short interrupt URB messages in the can: usb: f81604 component.
Mar 21, 2026
Microsoft publishes advisory for CVE-2026-23277
Microsoft's Security Update Guide published an advisory for CVE-2026-23277, describing a fix for a NULL pointer dereference in iptunnel_xmit on TEQL slave transmit handling.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Microsoft Discloses Broad Set of Linux Kernel Vulnerabilities
Microsoft published a broad batch of Security Update Guide entries for Linux kernel flaws affecting memory management, networking, virtualization, device drivers, and subsystem input validation. The listed issues include use-after-free, NULL dereference, integer underflow, refcount underflow, information disclosure, and bounds-checking failures tracked as **`CVE-2026-31496`**, **`CVE-2026-31458`**, **`CVE-2026-31689`**, **`CVE-2026-31615`**, **`CVE-2026-31664`**, **`CVE-2026-31656`**, **`CVE-2026-31611`**, **`CVE-2026-31671`**, **`CVE-2026-31612`**, and others. Affected components span `nf_conntrack_expect`, `damon`, `edac_mc`, `renesas_usb3`, `xfrm`, `drm/i915`, `ksmbd`, `stmmac`, `tipc`, `mptcp`, `NFC`, `HID`, `KVM`, `mmc`, `x86/CPU`, `PCI endpoint`, `blk-cgroup`, `media/as102`, and `altera-tse`. Several entries point to bugs that could lead to kernel crashes, memory corruption, or data leakage if triggered through malformed input, protocol handling, or device interaction. Notable examples include a slab use-after-free in `mptcp`, information leaks in `xfrm_user` and `xfrm`, validation flaws in `ksmbd`, endpoint index handling in `usb: gadget: renesas_usb3`, and multiple underflow and teardown-ordering bugs across networking and driver code. The disclosures indicate a coordinated publication of upstream Linux kernel fixes through Microsoft's advisory channel, underscoring the need for organizations running Linux workloads in Microsoft-connected environments to review affected kernel versions and apply vendor patches promptly.
Yesterday
Microsoft discloses multiple Linux kernel flaws affecting filesystems, networking, and drivers
Microsoft published a batch of Security Update Guide entries for Linux kernel vulnerabilities spanning core subsystems including `ext4`, `xfs`, memory management, networking, virtualization, and device drivers. The listed issues include memory-safety and stability flaws such as a use-after-free in `ext4` tracked as **CVE-2026-31446**, an `smc` double-free in **CVE-2026-31507**, a teardown-order use-after-free in the `spi-fsl-lpspi` driver in **CVE-2026-31485**, and a Bluetooth `L2CAP` bug in **CVE-2026-31498** that could trigger an infinite loop. Additional entries cover fixes in `af_key`, `netfilter` `ctnetlink`, `nfc` `nci`, `perf`, and memory-management code paths. The disclosures also include filesystem and virtual networking fixes such as **CVE-2026-31452** in `ext4`, **CVE-2026-31454** in `xfs`, and two `openvswitch` issues, **CVE-2026-31678** and **CVE-2026-31679`, addressing tunnel device release handling and MPLS payload-length validation. Microsoft further listed **CVE-2026-31601** in `vfio/xe` and **CVE-2026-31589** in the kernel MM subsystem, indicating broad exposure across Linux environments that rely on affected kernel components. The set of advisories points to patch activity focused on preventing use-after-free, double-free, locking, validation, and resource-lifecycle errors in widely deployed kernel code.
3 days ago
Microsoft Discloses Linux Kernel Flaws in Bridge and DRBD Components
Microsoft published security advisories for two Linux kernel vulnerabilities tracked as **CVE-2026-23381** and **CVE-2026-23356**. The first affects the networking stack's bridge code, where `nd_tbl` can be dereferenced as `NULL` when IPv6 is disabled, creating a stability and potential denial-of-service risk in affected systems. The second advisory covers a logic bug in the Distributed Replicated Block Device (**DRBD**) subsystem, specifically in `drbd_al_begin_io_nonblock()`. Together, the disclosures highlight flaws in both kernel networking and storage-replication paths that administrators should review in Microsoft-tracked update guidance and remediate through available vendor patches.
1 months ago